HIPAA Enforcement Statistics
The Centers for Medicare & Medicaid Services (CMS), on behalf of HHS, has authority to investigate complaints of non-compliance related to all of the HIPAA regulations except the Security Rule and Privacy rules, which are enforced by the Office of Civil Rights (OCR). The regulations for which CMS has enforcement authority include: the Transactions and Code Sets (TCS); the National Employer Identifier Number (EIN); the National Provider Identifier (NPI); and the Operating Rules (OPR).
Please view below the summary report that reflects the type and number of complaints type CMS is investigating.
- Enforcement Data September 2017
- Enforcement Data August 2017
- Enforcement Data July 2017
- Enforcement Data June 2017
- Page last Modified: 10/23/2017 3:04 PM
- Help with File Formats and Plug-Ins